On Thu, Jun 21, 2012 at 08:02:06AM +1000, Benjamin Herrenschmidt wrote:
> On Wed, 2012-06-20 at 16:40 -0500, Anthony Liguori wrote:
> > Well let's return void in the DMA methods and let the IOMMUs assert on error.
> > At least that will avoid surprises until someone decides they care enough about
> > errors to touch all callers.
> > I think silently failing a memcpy() can potentially lead to a vulnerability so
> > I'd rather avoid that.
>
> No I'd rather keep the error returns, really, even if that means fixing
> a few devices. I can look at making sure we don't pass random qemu data,
> on error that's reasonably easy.
>
> assert on error means guest code can assert qemu ... not a great idea
> but maybe we can add a warning.

Why not? Guest can always just halt if it wants to anyway.
On the other hand, warnings can fill up host logs, so they
represent a security problem.
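
One way to combine the points raised in this thread, as an added example that is not part of the original message and is not QEMU code: a DMA read that keeps its error return, zeroes the destination on a fault so a caller that ignores the error never consumes stale data, and caps how many warnings a guest can cause. All names (`toy_translate`, `toy_dma_read`, `WARN_BUDGET`) and the 4 KiB toy address space are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define RAM_SIZE    4096
#define WARN_BUDGET 3                /* hypothetical cap on logged faults */
static uint8_t guest_ram[RAM_SIZE];  /* constructed stand-in for guest memory */
static unsigned faults, warnings;    /* every fault is counted, few are logged */

/* Toy IOMMU (hypothetical): only [0, RAM_SIZE) is mapped. */
static int toy_translate(uint64_t addr, size_t len, uint8_t **host)
{
    if (addr >= RAM_SIZE || len > RAM_SIZE - addr)
        return -1;
    *host = guest_ram + addr;
    return 0;
}

/* Reports a fault to the caller instead of asserting. On a fault the buffer
 * is zeroed, so a device model that ignores the error sees no stale data. */
int toy_dma_read(uint64_t addr, void *buf, size_t len)
{
    uint8_t *host;
    if (toy_translate(addr, len, &host) < 0) {
        memset(buf, 0, len);
        faults++;
        if (warnings < WARN_BUDGET) {  /* bounded: guest cannot flood the log */
            warnings++;
            fprintf(stderr, "toy_dma_read: fault at 0x%llx\n", (unsigned long long)addr);
        }
        return -1;
    }
    memcpy(buf, host, len);
    return 0;
}

/* Issues n faulting reads into a dirty buffer; returns stale bytes left behind. */
unsigned fault_storm_leak(unsigned n)
{
    unsigned leaked = 0;
    for (unsigned i = 0; i < n; i++) {
        uint8_t buf[16];
        memset(buf, 0xAA, sizeof buf);   /* constructed "stale" contents */
        toy_dma_read(RAM_SIZE + i, buf, sizeof buf);
        for (size_t j = 0; j < sizeof buf; j++)
            leaked += (buf[j] != 0);
    }
    return leaked;
}
unsigned warnings_logged(void) { return warnings; }
unsigned faults_seen(void) { return faults; }
```
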